\u2018Meeting the cyber risk challenge\u2019, which polled more than 150 risk management professionals across Europe, found that just 16 percent of companies had a chief information security officer in place to manage cyber risk and privacy. However, as an escalating number of companies face dealing with the aftermath of reported data breaches, it is clear that cybercrime knows no boundaries and no organization is immune. First among these is one that sounds elementary, although in reality often turns out to be quite complicated: conduct an audit of the IT and physical security system.<\/p>\n","protected":false},"excerpt":{"rendered":"
In addition to ensuring that firewalls and other security measures are up to industry standard, a thorough security assessment will also identify where sensitive data is stored and whether this can be segmented or further removed from the rest of the IT system. This must include a specific plan to ensure that valuable time is not lost as the organization decides who is in charge of the response efforts.<\/p>\n
Corporates should determine in advance of an incident what the chain of command will be for the incident response team. <\/p>\n
Whether law enforcement can play any meaningful role in the aftermath of a hacking incident is often dictated by the type of incident involved. Even if law enforcement could determine the scope of the incident for the corporate victim, there are serious downsides to this approach for most organizations. <\/p>\n
Hackers rarely leave a detailed list of what they stole and only painstaking reconstruction of a hacker\u2019s activities through sophisticated computer forensics can determine if regulators or individuals need to be notified about the breach.<\/p>\n
This could prove a public relations disaster, especially since the public often blames the corporate victim for failing to prevent the incident, regardless of the facts.<\/p>\n
Link: http:\/\/www.continuitycentral.com\/feature1050.html<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-968","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/968","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=968"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/968\/revisions"}],"predecessor-version":[{"id":3455,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/968\/revisions\/3455"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=968"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=968"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=968"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}